Awesome Splunk – Massive Collection of Resources

A curated list of awesome apps, visualizations and other resources for Splunk.

Splunk captures, indexes, and correlates real-time data in a searchable
repository from which graphs, reports, alerts, dashboards, and visualizations can be generated. It is widely used in industries such as finance, utilities, healthcare and manufacturing for use-cases including security, compliance and IT service monitoring.

Contents

• Basics Basic resources for getting started
• Apps
  • Premium Apps
• Visualisations
• Conferences, Meet-Ups and Socialising
• Unofficial Resources

Basics

Basic resources for getting started with Splunk.

• Splunk Website – Splunk’s Homepage.
  • Downloads – Download page.
  • Previous Releases – Previous versions of Splunk Enterprise, Splunk Forwarders.
• Splunk Answers – Splunk’s Community Questions and Answers.
• SplunkBase – Splunk and Community built apps and add-ons.
• Splunk Blogs – Blog posts on various topics.
• Splunk Dev – Develop on Splunk.
  • Free Dev License – Request a free Splunk Developer license.
• Splunk Docs – Documentation.
• Splunk Sizing Calculators
  • Storage – Web Based Storage Requirement Calculator.

Apps

Recommended Splunk Apps.

• Splunk App for Infrastructure – Correlate logs and metrics for infrastructure monitoring.
  • Splunkbase Entry – Download page.
  • SAI Documentation – Splunk App for Infrastructure Documentation.
  • SAI Install Guide
• Miscellaneous Scripts for fixing issues with the Universal Forwarder – This kit was compiled based on common issues with Splunk deployments and managing idiosyncrasies that tend to naturally occur.

Premium Apps

Premium Apps for Splunk.

Enterprise Security

Splunk Enterprise Security is the nerve centre of the security ecosystem, giving teams the insight to quickly detect and respond to internal and external attacks, simplify threat management minimizing risk.

• ES Home Page – Splunk’s Home Page for Enterprise Security.
• ES Splunkbase Entry – Download page (if licensed).
• ES Documentation – Splunk documentation for Enterprise Security.
• Awesome-ES – An Awesome list for all things Enterprise Security.

IT Service Intelligence

Splunk IT Service Intelligence (ITSI) is a monitoring and analytics solution powered by artificial intelligence for IT Operations (AIOps) that provides visibility into health and key performance indicators of critical IT and business services, and its infrastructure.

• ITSI Home Page – Splunk’s Home Page for IT Service Intelligence.
• ITSI Splunkbase Entry – Download page (if licensed).
• ITSI Documentation – ITSI Documentation.
• Awesome-ITSI – An Awesome list for all things IT Service Intelligence.

Visualisations

• Event Timeline Viz – Interactive timeline with call-outs for events.
• Timeline – Interactive timeline.
• Halo – Hierarchical, relational pie charts.
• Heat Map – A grid of related measurements, colour intensity derived from the value.
• Calendar Heat Map – Heatmap broken down by days.
• Punchcard – Punchcard Visualisation.
• Horizon Chart – Horizon Chart Visualisation.
• Sankey Diagram – Sankey Diagram Visualisation.
• WebGL Globe – Spinning globe with events correlated to locations (flashy C-level eye-candy).
• Splunkbase Custom Visualizations – Download other custom visualizations from Splunkbase.

Conferences, Meet-Ups and Socialising

• UserGroups – Find a nearby usergroup.
• .Conf – Splunk’s annual conference website.
  • Past .Conf Material – Watch past presentations and download the slides from past .conf presentations.
• Splunk UserGroups Slack – Splunk’s publicly accessible Slack.
• /r/Splunk – Unofficial Sub-Reddit.
• IRC – Instructions for connecting to #splunk of Efnet.
• Splunk Store – Order some Splunk Schwag you missed from a meetup or .conf.
• Splunk Trust – The Splunk Trust is an invite only group of Splunk Ninjas.

Unofficial Resources

Useful Splunk resources that are not specifically associated with Splunk Inc.

Personal Home Pages

• Simon Duff – Miscellaneous scripts and visualisations.
• Ryan Faircloth – Security and Syslog related materials.
• George Starcher – Many Splunk related items, including details on Splunk ES’s Extreme Search.
• Anthony Tellez – Security and Machine Learning items.
• Duane Waddle – Miscellaneous Splunk items.
• Vladimir’s GitHub – Code for a number of Splunk resources, including CIM Validation.
• Nico’s GitHub – Repository of searches and dashboards to assist with optimising concurrency settings.
• David Veuve – Some early resources on Splunk basics and optimisations (infrequently updated).

SPL Repositories

Collections of useful Splunk searches

• GoSplunk – Search Engine for Splunk Queries split by sourcetype and use-case.